Note: In this part of the lab, you will review internet resources on BIA and BCP in to form a basis for their purpose and usage. Understanding the reason behind a business continuity management policy is key to understanding the component policies and procedures. Please take the time to review the research thoroughly and think through the concepts of the policy itself.
1. In your browser, navigate to
http://www.ready.gov/business/implementation/continuity
and read the “Business Continuity Plan” article.
2. In your browser, navigate to
http://www.ready.gov/business-impact-analysis
and read the “Business Impact Analysis” article.
3. Write a brief summary of the information you found in the articles and websites. In your summary, describe what a BCP is and list the steps for developing a BCP. Also, describe what a BIA is, how you conduct a BIA, and how the BIA is related to the BCP.
1. Review the following sample BIA template:
Business Function or Process
Business Impact Factor
IT Systems/Apps Infrastructure Impacts
RTO/RPO
Internal and external voice communications with customers in real-time
Internal and external e-mail communications with customers via store and forward messaging
Domain Name System (DNS) server for internal and external Internet Protocol (IP) communications
Internet connectivity for e-mail and store-and-forward customer service
Self-service web site for customer access to information and personal account information
e-Commerce site for online customer purchases or scheduling 24x7x365
Payroll and human resources for employees
Real-time customer service via web site, e-mail, or telephone requires customer relationship management (CRM)
Network management and technical support
Marketing and events
Sales s or customer/student registration
Remote branch office sales entry to headquarters
Voice and e-mail communications to remote branches
Accounting and finance support: Accounts payable, Accounts receivable, etc.
2. For each business function or process described above, assign a business impact factor of Critical, Major, Minor, or None.
3. For each business function or process described above, identify the IT systems and applications impacted by the business function (for example, determine what would be affected if the function or process failed).
4.
Review the following metrics of the BCP policy definition:
· Recovery Time Objective (RTO): Defines how quickly IT systems, servers, applications, and access to data services and processes must be operational following an incident, including recovery of applications and data and end-user access to those applications
· Recovery Point Objective (RPO): Defines the point in time that marks the end of the period during which data can still be recovered using backups, journals, or transaction logs
Note: To best understand the difference between RTO and RPO, ask yourself these two questions:
· If the data center blew up, how much time can pass before the business is doomed? That’s the RTO.
· If the backups are failing, how far back can your backup losses go before business is ruined? That’s the RPO.
5. Review the following RTO and RPO metrics for the BIA:
Critical
RTO: 8 hours
RPO: 0 hours
Major
RTO: 24 hours
RPO: 8 hours
Minor
RTO: 1 week
RPO: 3 days
None
RTO: 1 month
RPO: 7 days
6. For each Business Function or Process, use the table above to assign an RTO/RPO according to the corresponding business impact factor.
7.
Create a business continuity plan policy for the fictional Bankwise Credit Union. In the plan, reference the RTO and RPO standards in the policy’s Standards section:
Bankwise Credit Union
Business Continuity Plan Policy
Policy Statement
Insert policy verbiage here.
Purpose/Objectives
Define the policy’s purpose and objectives. They should mirror the purpose/objectives of a business impact analysis (BIA).
Scope
Define this policy’s scope and whom it covers.
Standards
Does this policy point to any hardware, software, or configuration standards? In this case, you need to reference the recovery time objectives (RTOs) and recovery point objectives (RPOs) as standards and metrics. List them here and explain the relationship of this policy to these standards.
Procedures
Explain how you intend to implement this policy across the entire organization.
Guidelines
Explain any roadblocks or implementation issues that you must address in this section and how you will overcome them per defined policy guidelines.
Note: The following challenge exercise is provided to allow independent, unguided work – similar to what you will encounter in a real situation.
The C-level executives of the Bankwise Credit Union are confused about the differences between a business continuity policy and business continuity plan and how they work together. It is your job as CISO to create a document to explain these topics.
Use the internet to find further information on the differences between policies and plans in information security in general. Use this information to create a high-level explanation for C-level executives. Provide examples of real business continuity policies and how they could be useful in your organization.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more